InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads...

AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

Summary The AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugins database table is explicitly listed in ignoreTableSecurityCheck,...

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response EDR killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver BYOVD by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way...

VulnCheck KEV: CVE-2025-70795

STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system...

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver BYOVD component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that...

SUSE CVE-2025-65105

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor: and --security=selinux: which otherwise put restrictions on operations that containers...

EUVD-2009-4784

Malware in sbrugna...

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

PT-2024-40480 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the LoginForm calling the disableSecurityToken function, which leads to a "shared host domain" vulnerability. This vulnerability is related to the way security...

ROS-20240425-04

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

Improper access control

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...

GHSA-4MH8-9WQ6-RJXG OpenAM vulnerable to user impersonation using SAMLv1.x SSO process

Impact OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the...

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

PT-2023-23170 · Unknown · Postgresnio

Name of the Vulnerable Software and Affected Versions: PostgresNIO versions prior to 1.14.2 Description: The issue affects users of PostgresNIO who connect to servers with TLS enabled, allowing a man-in-the-middle attacker to inject false responses to the client's first few queries despite the us...

PT-2023-19982 · Tenda · Tenda Ac5

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version US AC5V1.0RTL V15.03.06.28 Description: The issue is related to a stack overflow via the R7WebsSecurityHandler function, allowing attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted payload...

SUSE CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on SSO and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL,"...

SUSE CVE-2017-1376

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873...